Aggregator

0x00 前言 最近在学习java的相关漏洞，所以Struts2的漏洞自然是绕不开的。为了更好的理解漏洞原理，计划把Struts2所有的漏洞自己都做一个复现。并且自己去实现相关的POC。相关的环境搭建，以及POC实现细节，参考文章我都会尽可能的写清楚。方便自己记录学习过程的同时，方便看文章的人学习。

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their denylists and protect themselves.

With Mirai rearing its ugly head again, we’re revealing its C&C hostnames so organizations can update their denylists and protect themselves.

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

A new Python-based botnet that mines Monero spreads via SSH and leverages Pastebin to publish new C&C server addresses.

The safest way to run a network is to assume it’s going to breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

The safest way to run a network is to assume it’s going to breached, but that also means minimizing your liability and ensuring the executive team is fully aware of what is going on.

又是一年 …

又是一年 …

又是一年 …

我们实验室于近期推出了一个工控安全资讯搜集与分享工具（https://cert.plcscan.org），长久…

有续篇还是没续篇，这是一个问题。

有续篇还是没续篇，这是一个问题。

有续篇还是没续篇，这是一个问题。

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.

Most security researchers have good intentions, but ethics must play a central role in the decisions they make.

今年是书单汇总的第五年，看得书不多，玩的游戏看的番